
Re: Shimming HTTP to HTTPS.



	Hi.

On Thu, Aug 22, 2019 at 08:23:06AM -0700, peter@easthope.ca wrote:
> *	From: Reco 
> *	Date: Sun, 28 Jul 2019 19:57:19 +0300
> > ... NSS is not the best TLS implementation. There's some hope for 
> > dillo depending on if it uses openssl or gnutls.
> 
> How do you evaluate these?  Published review?  Study of sources?

Easy. Take server software that's intended to be used in an Internet
environment. Look at its dependencies. Observe that it's either openssl
or gnutls or (very rare) mbedtls.
NSS is a popular choice for client software, relative ease of use being
its only redeeming quality.


> > Have you meant "Oberon sends HTTP request that should be transformed to
> > HTTPS"? That's where that hypothetical proxy comes in.
> 
> OK, yes.  If http://en.wikipedia.org/wiki/Linux is put in the URL bar 
> of dillo, it opens https://en.wikipedia.org/wiki/Linux. If 
> https://en.wikipedia.org/wiki/Linux is put in the URL bar,  dillo 
> opens it.  I imagine similar behaviour in Oberon.

Relatively simple, but see below.


> > Oberon browser sends HTTP request, but gets HTTPS redirect (301/302) in
> > result.
> 
> Yes; ideally, redirection is handled gracefully.

That's two different cases, this and the previous one.
The difference being - in this case a hypothetical proxy should
intercept a redirect, make HTTPS request on its own, get HTTP response
and present it to the browser as if redirect never happened.
And I can count at least three different ways of doing such a redirect -
classic 301/302 HTTP code, <meta> redirect in HTML page, and JavaScript
one. But again, see below.


> > Oberon browser sends HTTP request, proxy transforms it into HTTPS, gets
> > HTTPS reply, transforms it back into HTTP reply ... only to send Oberon
> > browser a huge pile of HTTPS links to pictures, css, js and whatnot.
> 
> For now I'd be happy if Oberon could open the text in a 
> simple page.  https://en.wikibooks.org/wiki/Oberon/S3/2003-01-05/Mail.Mod
> for example.

Your link is a good example of case 3 - HTTP response peppered with
multiple HTTPS links. Hence, [1] is about the only reasonable choice you
have.

If you need an example of an easy page, pardon the obscene lyrics, you need
this:

https://evenbettermotherfucking.website/


> > [1] https://github.com/tenox7/wrp
> 
> Appears that an X86-64 or ARM system is required.

So? There's no law that requires a proxy to be on the same host as a
browser.

Reco
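
Added example, not part of the original message or of the wrp project: a sketch of how a shim proxy could sort an upstream response into the cases discussed above (status redirect, <meta> redirect, page full of HTTPS links). The names `classify` and `_Scan` and the example.org URLs are hypothetical; JavaScript redirects are not detected because that requires executing the script, and the proxy is assumed to validate certificates on its own HTTPS leg.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _Scan(HTMLParser):
    """Collects a <meta http-equiv=refresh> target and absolute https:// links."""
    def __init__(self):
        super().__init__()
        self.meta_target = None
        self.https_links = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m and self.meta_target is None:
                self.meta_target = m.group(1).strip()
        for name in ("href", "src"):
            if a.get(name, "").lower().startswith("https://"):
                self.https_links.append(a[name])

def classify(request_url, status, headers, body):
    """Return (case, detail) for one upstream response to a plain-HTTP request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    scan = _Scan()
    scan.feed(body)
    kind = target = None
    if status in (301, 302) and "location" in hdrs:
        kind, target = "status-redirect", urljoin(request_url, hdrs["location"])
    elif scan.meta_target:
        kind, target = "meta-redirect", urljoin(request_url, scan.meta_target)
    if target:
        req, dst = urlsplit(request_url), urlsplit(target)
        # A pure scheme upgrade (same host, path, query) can be followed by the
        # proxy itself; any other redirect is handed back to the browser as-is.
        same = (dst.scheme == "https" and dst.hostname == req.hostname
                and dst.path == req.path and dst.query == req.query)
        return (kind + ("/upgrade" if same else "/other"), target)
    if scan.https_links:
        # Case 3: page content itself points at HTTPS resources.
        return ("https-subresources", len(scan.https_links))
    return ("plain", 0)

if __name__ == "__main__":
    # Constructed sample response, not captured traffic.
    print(classify("http://example.org/wiki/Linux", 301,
                   {"Location": "https://example.org/wiki/Linux"}, ""))
```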

